Observations on articles I read to keep current about technology. My interests are: Privacy, security, business, the computer industry, and geeky stuff that catches my eye.

I don't think I have an agenda beyond my own amusement.

Note that I lump all my comments into a single post. This is not a typical BLOG technique; it's just an indication that I'm lazy.

Saturday, February 20, 2010

Someone has to be teaching all these small-time crooks how to “Have Fun and Make Huge Profits in the emerging Identity Theft Industry!” If I teach my security students how to steal Identities (because they need to understand the techniques they will face) is it my fault that they express their appreciation by occasionally sending me 10% of their take?

It started out last month with a man and woman getting busted breaking into cars at the Kohl’s department store on Paseo del Norte NE.

By Thursday, a dozen people were in custody in what authorities are calling the largest identity theft ring in the city’s history.

Officials have identified Robert Rivera as the ringleader of a group who allegedly used an elaborate computer system to make bogus checks, fake credit cards and IDs. The suspects are accused of using the checks and credit cards to defraud Walmart, Maloof Distributing, Paul Allen Homes, Albertsons grocery stores and Bank of the West.

“We believe this is going to be the largest, most high-profile identity theft ring the city has ever encountered,” said Pat Davis, spokesman for the District Attorney’s Office. “That’s because this is not a group that used a single method — these weren’t just burglaries and thefts. They literally used every trick in the book to obtain bank records, IDs and account information of their victims, then turned around and used every tactic they could to quickly convert that into cash.”

The FBI is investigating a Pennsylvania school district accused of secretly activating webcams inside students’ homes, a law enforcement official with knowledge of the case told The Associated Press on Friday.

The FBI will explore whether Lower Merion School District officials broke any federal wiretap or computer-intrusion laws, said the official, who spoke on condition of anonymity because the official was not authorized to discuss the investigation.

Days after a student filed suit over the practice, Lower Merion officials acknowledged Friday that they remotely activated webcams 42 times in the past 14 months, but only to find missing student laptops. They insist they never did so to spy on students, as the student's family claimed in the federal lawsuit.

Families were not informed of the possibility the webcams might be activated in their homes without their permission in the paperwork students sign when they get the computers, district spokesman Doug Young said.

… The Pennsylvania case shows how even well-intentioned plans can go awry if officials fail to understand the technology and its potential consequences, privacy experts said. Compromising images from inside a student's bedroom could fall into the hands of rogue school staff or otherwise be spread across the Internet, they said.

(Related) It's difficult to get users to read all of the feature documentation that comes with an operating system (because no documentation comes with the operating system?) So you have to rely on some geek finding the “feature” and not keeping it in his secret list of hacks.

"Windows 7 contains a 'SoftAP' feature, also called 'virtual Wi-Fi,' that allows a PC to function simultaneously as a Wi-Fi client and as an access point to which other Wi-Fi-capable devices can connect. The capability is handy when users want to share music and play interactive games. But it also can allow on-site visitors and parking-lot hackers to piggyback onto the user's laptop and 'ghost ride' into a corporate network unnoticed."

There is something compelling about the writings of an angry judge. They seem to cut directly to the heart of their argument and express themselves in very clear, non-technical (and highly quotable) language.

When a judge called for United States v. Lemus to be reheard en banc, the majority of judges in the Ninth Circuit Court of Appeals did not vote to rehear the case. Chief Judge Alex Kozinski wrote an absolutely blistering dissent to that denial. With Judge Paez joining in the dissent, he wrote:

This is an extraordinary case: Our court approves, without blinking, a police sweep of a person’s home without a warrant, without probable cause, without reasonable suspicion and without exigency—in other words, with nothing at all to support the entry except the curiosity police always have about what they might find if they go rummaging around a suspect’s home. Once inside, the police managed to turn up a gun “in plain view”—stuck between two cushions of the living room couch—and we reward them by upholding the search.

Did I mention that this was an entry into somebody’s home, the place where the protections of the Fourth Amendment are supposedly at their zenith? The place where the “government bears a heavy burden of demonstrating that exceptional circumstances justif[y] departure from the warrant requirement.” United States v. Licata, 761 F.2d 537, 543 (9th Cir. 1985). The place where warrantless searches are deemed “presumptively unreasonable.” Payton v. New York, 445 U.S. 573, 586 (1980).

A suburban Philadelphia school district yesterday denied it spied on students by remotely activating the cameras on their school-issued MacBook laptops.

In a statement released late Thursday, Christopher McGinley, the superintendent of Lower Merion School District of Ardmore, Pa., admitted that the MacBooks’ cameras could be turned on without the user’s knowledge, but said that the functionality was part of a security feature.

“Laptops are a frequent target for theft in schools and off-school property,” said McGinley. “The security feature was installed to help locate a laptop in the event it was reported lost, missing or stolen so that the laptop could be returned to the student.” When switched on, the feature was limited to taking snapshots of whomever was using the notebook and capturing the computer’s current screen.

Bank of America takes money from customers’ accounts to pay for services they didn’t order and don’t want, a class action claims in Federal Court. The class claims the bank charges for “Privacy Assist” services without informing them, and refuses to refund the money when customers catch on.

The class claims Bank of America has been withdrawing $8.99 from their accounts every month for “Privacy Assist,” which includes credit monitoring and free access to online credit reports.

A judge is weighing whether Facebook’s right to privacy trumps a man’s rights to discovery for his defense in a criminal trial.

At issue is a motion from the attorney for former St. Louis City police Officer Bryan Pour, who authorities say used his department-issued pistol to shoot Jeffrey Bladdick in a bar parking lot. The motion seeks disclosure from Facebook of 23 individual user profiles and the actions of a Facebook group called “Jeff Bladdick is a bulletproof badass” going back to the day before the Nov. 9, 2008 incident.

Madison County Associate Judge James Hackett said he needed more time after hearing arguments from both sides Wednesday.

Pour’s attorney Albert Watkins said an anonymous tipster informed him of the group, which he believes included several officers involved in the investigation.

Watkins argued that his client’s constitutional rights fall within exceptions of the 2000 Electronic Communications Privacy Act and said that law enforcement regularly accesses the same records for its own investigations.

Pour faces up to 30 years in prison if convicted.

“If law enforcement is entitled to those records, it seems inherently flawed to not allow a criminally accused person who’s looking at 30 years in prison to the same information when it is clear that something was said,” Watkins said.

Does the government need any warrant or additional legal authority to view or collect information from publicly available web sites? A recent DHS memo received some guffaws on mail lists where people wondered why DHS would need to issue detailed privacy impact memos or justification that it was reading sites that are publicly available to everyone. And from a national security perspective, don’t we want the government finding what is out there for everyone else to find?

John Young of Cryptome.org seems to think that the government does need some authorization to monitor publicly available web sites. Cryptome received an email from the Coast Guard about a file available on his site that indicated that as part of a “DHS wide pre-audit of public facing internet sites,” the Coast Guard was contacting “owners of CG web sites identified” that might contain inappropriate material. The email referred to a file on his site that was marked FOUO (For Official Use Only).

After confirming that the email was for real, Young replied, in part:

If you are legitimately and with authorization acting on behalf of the Coast Guard and DHS, you are overreaching governmental authority to monitor public web sites for “inappropriate material” unless you have a court order to do so or that the President has issued an executive order for such invasive action.

If you are doing this in secret or without appropriate authority, that is an even greater violation

Young has now filed a FOIA request to obtain more information about the Coast Guard conducting “pre-audit reviews.”

Any lawyers care to chime in on the situation? I don’t see anything particularly wrong with the government scanning publicly available web sites for files that they deem as important to national security, although I do appreciate John’s response about FOUO designation.

(Related) Not actually seizure, they just downloaded a copy of his child porn files.

… The defendant, however, claimed he had a reasonable expectation of privacy because he thought he had turned off LimeWire’s share feature.

The new economics. “We love our customers, just not as much as we love money!” You never purchased your games, soon even the packaging will be worthless. Perhaps soon, you will only be able to play games in the cloud, where game manufacturers will have more control over their product.

"In a move to counter sales of pre-owned games, EA recently revealed DLC perks for those who buy new copies of Mass Effect 2 and Battlefield: Bad Company 2. Now, PlayStation platform holder Sony has jumped on the bandwagon with similar plans for the PSP's SOCOM: Fireteam Bravo 3. '[Players] will need to register their game online before they are able to access the multiplayer component of the title. UMD copies will use a redeemable code while the digital version will authenticate automatically in the background. Furthermore ... anyone buying a pre-owned copy of the game will be forced to cough up $20 to obtain a code to play online." [All used games just lost $20 of market value. Bob]

"IEEE Spectrum takes a look behind the scenes at Valve's on-going efforts to battle cheaters in online games: 'Cheating is a superserious threat,' says [Steam's lead engineer, John] Cook. 'Cheating is more of a serious threat than piracy.' The company combats this with its own Valve Anti-Cheat System, which a user consents to install in the Steam subscriber agreement. Cook says the software gets around anti-virus programs by handling all the operations that require administrator access to the user's machine. So, how important is preventing cheating? How much privacy are you willing to sacrifice in the interests of a level playing field? 'Valve also looks for changes within the player's computer processor's memory, which might indicate that cheat code is running.'"

Yet another Internet service? Massive data centers require massive amounts of power. If you play in that market, arbitrage and hedging come naturally. (and wholesale beats retail any day.)

"The US Federal Energy Regulatory Commission (FERC) on Thursday granted Google the authority to buy and sell energy on a wholesale basis. Google applied for the authorization last December through a wholly owned subsidiary called Google Energy. 'We made this filing so we can have more flexibility in procuring power for Google's own operations, including our data centers,' Google spokeswoman Niki Fenwick said via e-mail. But the authorization also raises the prospect that Google may start to buy and sell energy as a business."

David Robinson and Harlan Yu have posted a superb series of posts on Freedom to Tinker (1,2,3) about tactics which might be used to identify anonymous internet posters, even in cases where IP addresses might not have been logged by the site which hosts the comment. The key insight is that sites typically embed multiple external services (such as advertising, stats counters and video hosting) which may either individually or in combination enable the identity of particular users to be pinned down…

Chronicle of Higher Education: "This is a strong vehicle for academic freedom," says Mr. Willinsky, whose Public Knowledge Project offers free journal-publishing software to academics. In a world where subscriptions to some medical journals can cost more than $10,000 a year, and many colleges in developing countries cannot afford more than a handful of scholarly publications, publishing enabled by this kind of tool is plugging many academics into research and discourse as never before."

Rather than torture yourself trying to explain to a clueless relative how to perform a simple computer task, use ScreenToaster to capture a video of yourself doing it and automatically upload it to the web. You can also record an audio track for your tutorial. Best of all, you don’t have to install any software, and the whole

FillAnyPDF is a fairly simple web app which allows you to upload a PDF file, then easily write on it wherever you want. ... You can also share your blank form with others, so you can collect forms from a group easily. FillAnyPDF also supports electronic signatures and has a repository of free forms.

Vuvox is a rich media creation app that allows you to quickly turn your photos and audio into a moving web collage. A set of simple editing tools allow you to crop and rotate your pictures and when you’re done you can embed your collage into any webpage, or share links to a larger version on Vuvox’s website.

Thursday, February 18, 2010

A Louisiana man whom prosecutors said was the ringleader of an identity theft scheme with dozens of victims has been sentenced to 309 years in prison.

U.S. Attorney David Dugas said the sentence handed down Wednesday to 43-year-old Robert Thompson, of Zachary, is the longest prison sentence for any white-collar crime in the history of his Baton Rouge-based office’s jurisdiction.

[...]

Thompson, also known as John Lawson, allegedly used the identities and financial information of 61 individuals, churches, financial institutions and businesses to steal more than $200,000 worth of cash and goods.

Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.

The damage from the latest cyberattack is still being assessed, and affected companies are still being notified. But data compiled by NetWitness, the closely held firm that discovered the breaches, showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.

The hacking operation, the latest of several major hacks that have raised alarms for companies and government officials, is still running and it isn't clear to what extent it has been contained, NetWitness said. Also unclear is the full amount of data stolen and how it was used.

… Starting in late 2008, hackers operating a command center in Germany got into corporate networks by enticing employees to click on contaminated Web sites, email attachments or ads purporting to clean up viruses, NetWitness found.

In more than 100 cases, the hackers gained access to corporate servers that store large quantities of business data, such as company files, databases and email.

Something your Security Manager can look forward to? Are your backups complete? The last couple of paragraphs in the article are gibberish, so I'll have to wait for more details. Comments suggest this could be the “push update” from Microsoft that resulted in a “blue screen of death” on so many systems...

"The City of Norfolk, Virginia is reeling from a massive computer meltdown in which an unidentified family of malicious code destroyed data on nearly 800 computers citywide. The incident is still under investigation, but city officials say the attack may have been the result of a computer time bomb planted in advance by an insider or employee and designed to trigger at a specific date, according to krebsonsecurity.com. 'We don't believe it came in from the Internet. We don't know how it got into our system,' the city's IT director said. 'We speculate it could have been a time bomb waiting until a date or time to trigger. Whatever it was, it essentially destroyed these machines.'"

[From the article:]

Cluff added that city employees are urged to store their data on file servers, which were largely untouched by the attack, but he said employees who ignored that advice and stored important documents on affected desktop computers may have lost those files.

IT specialists for the city found that the system serving as the distribution point for the malware within the city’s network was a print server that handles printing jobs for Norfolk City Hall. However, an exact copy of the malware on that server may never be recovered, as city computer technicians quickly isolated and rebuilt the offending print server. [Repair must come after identification and isolation of the malware! Bob]

"During the simulated cyber attack that took place yesterday in Washington and was recorded by CNN, one thing became clear: the US are still not ready to deflect or mitigate such an attack to an extent that would not affect considerably the everyday life of its citizens. The ballroom of the Washington's Mandarin Oriental Hotel was for this event transformed into the White House Situation Room, complete with three video screens displaying maps of the country, simulated updates and broadcasts by 'GNN,' an imaginary television network 'covering' the crisis."

"Just hours before Adobe is slated to deliver the latest patches for its popular PDF viewer, ScanSafe announced that by its counting, malicious Adobe Reader documents made up 80% of all exploits at the end of 2009. In the first quarter of 2009, malicious PDF files made up 56% of all exploits tracked by ScanSafe. That figure climbed above 60% in the second quarter, over 70% in the third and finished at 80% in the fourth quarter. Mary Landesman, a ScanSafe senior security researcher, said, 'Attackers are choosing PDFs for a reason. It's not random. They're establishing a preference for Reader exploits.' Exactly why hackers choose Adobe as their prime target is tougher to divine, however. 'Perhaps they are more successful,' she said. 'Or maybe it's because criminal attackers are human, too. We respond when we see a lot of people going after a particular product... We all want to go after that product, too. In the attacker arena, they might be thinking, 'Gee, all these reports of Adobe Reader zero-days, maybe I should get in on them too.'"

“We can, therefore we must!” Can't wait to hear about the results of e-discovery. Photographs of children doing homework in their bedrooms have a high probability of looking like Child Porn. Did no one consider that?

A federal class action claims a suburban school district has been spying on students and families through the “indiscriminant use of and ability to remotely activate the webcams incorporated into each laptop issued to students,” without the knowledge or consent of students or parents. The named plaintiffs say they learned that Big Brother was in their home when an assistant principal told their son that the school district knew he “was engaged in improper behavior in his home, and cited as evidence a photograph from the webcam embedded in minor plaintiff’s personal laptop issued by the school district.”

Two members of Philadelphia's city council are considering legal action against Facebook, Twitter, and MySpace in the wake of a "flash mob" earlier this week that turned violent, according to a letter sent to the city's mayor and obtained by CNET. They claim that social-media sites don't do enough to keep tabs on violence that could be organized through their communication channels.

Perhaps now is the time to start leaking the horrors of a “global copyright agreement?”

"A brief report from the European Commission authored by Pedro Velasco Martins (an EU negotiator) on the most recent round of ACTA negotiations in Guadalajara, Mexico has leaked, providing new information on the substance of the talks, how countries are addressing the transparency concerns, and plans for future negotiations. The document notes that governments are planning a counter-offensive to rebut claims of iPod-searching border guards and mandatory three-strikes policies."

A couple of thoughts occur: This technique will require more bandwidth (almost all new communications techniques do) and any hesitation in the connection will result in dropping game players – great way to ensure loyalty.

"If you get disconnected while playing, you're booted out of the game. All your progress since the last checkpoint or savegame is lost, and your only options are to quit to Windows or wait until you're reconnected. The game first starts the Ubisoft Game Launcher, which checks for updates. [More “push” updates. Bob] If you try to launch the game when you're not online, you hit an error message right away. So I tried a different test: start the game while online, play a little, then unplug my net cable. This is the same as what happens if your net connection drops momentarily, your router is rebooted, or the game loses its connection to Ubisoft's 'Master servers.' The game stopped, and I was dumped back to a menu screen — all my progress since it last autosaved was lost."

A simple app if I ever saw one, Tube2Tone is also quite useful and (most of all) very, very easy to get to grips with. You see, through this site you will be capable of taking any video hosted on YouTube and have it processed so that it becomes a ringtone.

Security Labs Report Jul 2009-Dec 2009 Recap - "This report has been prepared by the M86 Security Labs team. It covers key trends and developments in Internet security over the last six months, as observed by the security analysts at M86 Security Labs. M86 Security Labs is a group of security analysts specializing in Email and Web threats, from spam to malware.

Key Points of this report:

Spam volumes increased dramatically in 2009, to over 200 billion per day with the vast majority sent through Botnets of infected computers. In the second half of 2009, 78% of all spam originated from the top 5 botnets alone by volume.

Malicious spam dramatically increased in volume, reaching 3 billion messages per day, compared to 600 million messages per day in the first half of 2009.

Even with adequate protection from Antivirus software, Zero Day Vulnerabilities left users vulnerable to potential attacks 40% of the time (in the 2nd half of 2009)."

… The latest ruling, which supports the student, concerned a former Florida high school senior who was reprimanded for “cyberbullying” a teacher on Facebook. Katherine Evans, now 20, was suspended two years ago after creating a Facebook group devoted to her English teacher.

"The Mercury News reports that Google, whose stated mission is to make the world's information universally accessible, says the race and gender of its work force is a trade secret that cannot be released. So do Apple, Yahoo, Oracle, and Applied Materials. The five companies waged a successful 18-month FOIA battle with the Merc, convincing federal regulators who collect the data that its release would cause 'commercial harm' by potentially revealing the companies' business strategy to competitors. Law professor John Sims called the objections — the details of which the Dept. of Labor declined to share — 'absurd.' Many industry peers see the issue differently — Intel, Cisco, eBay, AMD, Sanmina, and Sun agreed to allow the DOL to provide the requested info. 'There's nothing to hide, in our view,' said a spokesman for Intel. Some observers note it's not the first time Google has declined to put a number on its vaunted diversity — in earlier Congressional testimony, Google's top HR exec dodged the question of how many African-American employees the company had."

"Scott Harris writes on Moviefone that the economics of Hollywood are often baffling, as DVD sales, broadcast fees and merchandising tie-ins balance against advertising costs and pay-or-play deals to form an accounting maze. The latest example is the untitled sequel to The Chronicles of Riddick, released in 2004 to a slew of negative reviews and general viewer indifference. Despite its hefty $105 million budget, most of which was spent on special effects, the film topped out at a paltry $57 million domestically. So how can a sequel be made if the movie lost money? The answer has to do with ancillary profits from revenue streams outside the box office. While the combined $116 million worldwide probably still didn't cover distribution and advertising costs, it likely brought the film close to even, meaning DVD sales and profits from the tie-in video game franchise may have put the movie in the black. In addition, Riddick itself was a sequel to Pitch Black, a modestly budgeted ($23 million) success back in 2000. Extending the franchise to a third film may help boost ancillary profits by introducing the Pitch Black and Chronicles of Riddick DVDs and merchandise to new audiences, meaning that the new film may not even need to break even to eventually turn a profit for the studio."

After a long battle with hackers who have been successful at jailbreaking the iPhone from one version of the OS to another, Apple is now taking a more personal approach to locking down the device. It's been reported that known iPhone jailbreaking/unlocking hackers have had their Apple IDs banned from Apple's App Store.

… Are you curious to find out What The Internet Knows About You? Then visit that link and see whether the information displayed is vaguely familiar. My result revealed that I had visited 65 of the 5,000 most popular internet websites.

… And there is more. Did You Watch Porn? If your significant other checks your browser(s), he’d better find this:

I'm fairly certain this is a logical conclusion, but one I don't see explained in the literature. How much water will be held in the atmosphere? Enough to off-set the rise of sea levels? Will the increase in clouds (water in the atmosphere) reflect enough sunlight to cause global cooling?

"NPR reports that with snow blanketing much of the country, the topic of global warming has become the butt of jokes; but for scientists who study the climate, there's no contradiction between a warming world and lots of snow. 'The fact that the oceans are warmer now than they were, say, 30 years ago means there's about on average 4 percent more water vapor lurking around over the oceans than there was... in the 1970s,' says Kevin Trenberth, a prominent climate scientist. 'So one of the consequences of a warming ocean near a coastline like the East Coast and Washington, DC, for instance, is that you can get dumped on with more snow partly as a consequence of global warming.' Increased snowfall also fits a pattern suggested by many climate models, in which rising temperatures increase the amount of atmospheric moisture, bringing more rain in warmer conditions and more snow in freezing temperatures."

"The Utah State Assembly has passed a resolution decrying climate change alarmists and urging '...the United States Environmental Protection Agency to immediately halt its carbon dioxide reduction policies and programs and withdraw its "Endangerment Finding" and related regulations until a full and independent investigation of climate data and global warming science can be substantiated.' Here is the full text of H.J.R 12."

The resolution has no force of law. The Guardian article includes juicy tidbits from its original, far more colorful, version.

The State Revenue Service (VID) in Latvia admitted Monday that its electronic security systems may have been breached and that millions of confidential documents could have been hacked.

The Latvian television news programme De Facto said Sunday night that 120 gigabytes of data consisting of 7.4 million individual documents had been leaked from VID’s database as a result of a data ‘hole’ in an electronic tax declaration system.

[...]

In a statement, VID said only that there was ‘a suspicion of a security incident involving possible data loss from the VID information system.’

The hole appeared to have been created in the system intentionally by a senior figure within VID, claimed representatives of a hackers’ group calling themselves the Fourth Awakening People’s Army (4ATA), which De Facto said obtained the information over a three-month period.

The incident represented the biggest data breach in Latvia's history and included information on businesses, individuals and public figures, De Facto claimed, and said it could vouch for the accuracy of the leaked data, which it said included the programme makers' tax codes and rates of pay.

… Despite the scandal surrounding the data breach, on Monday morning the official VID website was still encouraging businesses to declare their tax online and claimed the system was safe.

"A French judge has issued a national arrest warrant for US cyclist Floyd Landis in connection with a case of data hacking at a doping laboratory, a prosecutor's office said. French judge Thomas Cassuto is seeking to question Landis about computer hacking dating back to September 2006 at the Chatenay-Malabry lab, said Astrid Granoux, spokeswoman for Nanterre's prosecutor's office. The laboratory near Paris had uncovered abnormally elevated testosterone levels in Landis' samples collected in the run-up to his 2006 Tour de France victory, leading to the eventual loss of his medal."

The same software tools are available (from multiple vendors) in the US. Only the aggregation seems to rise to the level of notice.

Mobile spyware web-site www.shpioni.ge was withdrawn by its owner Saturday after young lawyers [Age is negatively correlated to tech savvy? Bob] warned that using the service is a violation of privacy and thus a crime.

Shpioni.ge offered widely-used smartphone spy software which allows you to silently record SMS text messages and GPS locations. It can be downloaded from its webpage and installed in Symbian-based handsets and its results are displayed in the private online accounts of clients.

[...]

Tamar Kordzaia of the Georgian Young Lawyers Association (GYLA) said that Shpioni.ge’s service is illegal and both its owners and users are committing a crime under the Criminal Code of Georgia.

“When a site offers us the chance to intercept someone’s correspondence and mobile phone communication this is an invasion of someone’s private life. The inviolability of private life is guaranteed by the Constitution of Georgia, which is the supreme law of the country,” Kordzaia noted.

Shoppers will have internet adverts displayed to them based on their offline shopping habits in a new scheme being developed by internet publisher Yahoo! and customer loyalty scheme Nectar.

The two companies will link their databases in a bid to better target consumers with relevant adverts and to improve the tracking of ads’ effectiveness in persuading consumers to buy goods.

[...]

The system is an opt-in one, meaning that consumers have to actively choose to allow their data to be used in this way. [Want to bet? Bob] Nectar is offering some of its points as an incentive for consumers to participate and 20,000 have already signed up, according to press reports.

LLRX.com - Ethics of Legal Outsourcing White Paper: The practical reality for US and UK attorneys engaging in or contemplating Legal Process Outsourcing (LPO) is that the outsourcing of both core legal and support services across the legal profession is nothing new. What is different today with the emergence of the LPO industry is that both core legal and legal support related services are being outsourced to lawyers, law firms and corporations located offshore in countries such as India, South Africa and the Philippines. Mark Ross analyzes how the outsourcing of legal work by a law firm or legal department to a legal outsourcing company or an entity located offshore raises specific issues pertaining to the outsourcing lawyer's ethical obligations to his or her client.

While participating in the workshop on Revisiting Research Ethics in the Facebook Era: Challenges in Emerging CSCW Research, the question arose as to whether it was ethical for researchers to follow and systematically capture public Twitter streams without first obtaining specific, informed consent by the subjects. Many in the room felt that consent was not necessary since the tweets are public, a conscious choice made by the user to allow the whole world to see her activity. In short, by not restricting access to one’s account, there is no expectation of privacy.

You can read the entire entry here. As Michael reiterates in a comment in the discussion section, “the issue isn’t about having individual tweets reposted, but whether it is ethical for researchers to systematically follow and scrape them, without undergoing IRB review or gaining informed consent.”

Many commenters on Michael’s blog seem to think this is a non-issue and that there is no expectation of privacy in public tweets. But researchers often have additional ethical obligations that the general public does not have. So, for example, a psychologist who wishes to conduct research that involves observing people on the street or under naturalistic conditions without their knowledge needs to take the proposal before an institutional review board (IRB) who will consider whether there is any risk posed to the unwitting participants in the study that needs to be addressed. When it comes to running things by an IRB, my position has always been that it’s pretty much always of value for uni-based researchers to seek IRB input and approval – not just for liability reasons but to gain others’ perspectives on the ethics of your design and methods.

Whether Tweeters have any right to control the use of their tweets is not the same question as asking whether researchers have an obligation to ask.

You don't suppose this might be connected to the “cost cutting” newspapers are doing? Fewer investigative journalists equals less transparent government? Perhaps they are not yet able to analyze the blogs and tweets coming from insiders – any good intelligence service can.

New York Times: "Some big companies, like Hearst and The Associated Press, have been quietly ramping up their legal efforts, by doing more of the work in-house — and saving costs by not hiring outside lawyers — and being more aggressive in states where they can recoup legal fees and at the federal level, which also allows plaintiffs in such access cases to sue for legal fees when they win. At Hearst, the company’s top lawyer says it has never had more First Amendment lawsuits in courtrooms around the country than it does now. At The A.P., a cooperative owned by its member newspapers, in-house lawyers say they are becoming more aggressive on a number of fronts. In 2009, the agency was party to 40 lawsuits, moderately up from four years ago, when the number of lawsuits was in the low 30s, according to Dave Tomlin, associate general counsel for The A.P.... But The A.P. has been vastly more assertive in appealing denied Freedom of Information Act, or F.O.I.A., requests from the federal government under the Obama administration, which came to power promising to operate a more open government and alter what some media lawyers complained was a trend toward more government secrecy in the wake of the 9/11 terrorist attacks."

News release: "The John S. and James L. Knight Foundation has approved a new $2 million, three-year grant to the National Freedom of Information Coalition to launch the Knight FOI Fund and support state open government groups. The Knight FOI Fund will provide up-front costs such as court costs, filing and deposition fees, if attorneys are willing to take on a pro-bono basis cases that otherwise would go unfiled." [Attention law schools! Bob]

Part of Computer Security – does the software do what it claims to do?

"The unmasking of Bernard Madoff has made many business people uneasy about the ventures they invest in, and the new partners and new hires they take on. This mega-scandal is certainly instructive about the need for proper and timely due diligence about those with whom we do business. The missed opportunities to recognize Madoff’s criminality have been discussed ad infinitum over the last year... But more obscure recent cases provide other lessons about due-diligence checking that you might want to do as a matter of routine. The war stories below are real and scary, but the lessons they teach us can reduce the chances of deception, and the risks to reputation and investment."

Competition in the digital age. Multiple proprietary standards cost more to support than one open standard.

NakNak writes to mention that the DailyMaverick has a feature looking back at five years of YouTube, some of the massive changes that have been forced through as a result of its overwhelming popularity, and what changes might be necessary going forward.

"Google, which bought YouTube less than two years after it was founded for what was then considered outrageously expensive $1.65 billion, does not want Microsoft or Apple (or anybody else) to own the dominant video format. So it has become the biggest early tester of HTML5. Your browser doesn't support HTML5? Google launches its own browser, Chrome. Need to use Internet Explorer at work because that's all your IT department supports? Google launches a Chrome framework that effectively subverts IE and makes it HTML5-compatible. The final blow will be the day that YouTube switches off Flash and starts streaming only to HTML5 browsers. On that day all browsers will be HTML5 compatible or they will perish in the flames of user outrage."

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.